Darkandroider 🤘🏻💻🤘🏻
5.4K posts

@darkandroider
Father by day, Bug Bounty hunter at night. Find something that keeps you awake. Member of SpInquisitors team. Bug Bounty ES administrator: https://t.co/yQvBgnP0hs
Joined April 2016
1.1K Following, 572 Followers
Darkandroider 🤘🏻💻🤘🏻 retweeted

My first write-up about a vulnerability I found in a private HackerOne program, with a $3,000 bounty.
Read here:
github.com/52-HRTZ/securi…
#BugBounty #HackerOne
Darkandroider 🤘🏻💻🤘🏻 retweeted

"Protecting" football is already penalizing our technology ecosystem:
➡️ Vercel and BunnyCDN withdraw their nodes in Spain
👇
bandaancha.eu/foros/proteger…
Darkandroider 🤘🏻💻🤘🏻 retweeted

@bandaanchaeu Honestly, Vercel deserves it. Let's see if they have learned the lesson of where believing that "collaborating" with a bully will protect you gets you.
I hope it goes especially badly for them and they learn the lesson.
Darkandroider 🤘🏻💻🤘🏻 retweeted

To be secure in 2026 you have to shut down your bug bounty program on HackerOne.
Lovable got hacked because HackerOne's incompetent triage team closed multiple valid vulnerability reports starting February 22, 2026 as "intended behavior."
Poorly trained monkeys. Zero escalation to Lovable's security team. AI bots auto-closing critical findings.
The result? Public project chat history and source code were exposed for MONTHS until a researcher was forced to go public.
Two companies. Same platform. Same failure. Same lies.
ClickUp. Lovable. Both breached because HackerOne buried critical reports while collecting your bounty fees.
HackerOne is NOT a security partner. They are a liability.
They close real vulnerabilities. They protect their own metrics over your data. They let researchers get attacked while they stay silent.
Stop paying HackerOne to get hacked.
lovable.dev/blog/our-respo…

Darkandroider 🤘🏻💻🤘🏻 retweeted

LaLiga is blocking more than 1000 IPs of @awscloud, specifically from the S3 service in the us-east-1 region... No small thing. hayahora.futbol
Darkandroider 🤘🏻💻🤘🏻 retweeted

SQL Injections aren't dead! ❌
You just need to know where and how to test for them! 🤠
In our latest article, we explored how SQL injections arise, how to test and exploit them to leak secrets, bypass authentication, and even achieve RCEs! 😎
Read the article today! 👇
intigriti.com/researchers/bl…

Darkandroider 🤘🏻💻🤘🏻 retweeted

Civil organizations report to the European Commission the passivity of the institutions regarding Internet blocks in the fight against piracy
internautas.org/denuncia-ce/
#LaLigaGate
Darkandroider 🤘🏻💻🤘🏻 retweeted

❌ Javier Tebas's "collateral damage" is over: Congress puts the brakes on LaLiga's indiscriminate IP blocking.
➡️ After years of uncontrolled mass blocking, limits will be imposed so that the Spanish Internet does not grind to a halt every... larazon.es/tecnologia-con…
Darkandroider 🤘🏻💻🤘🏻 retweeted

It seems things are getting onto the path of common sense and Congress is finally taking action on the matter: democrata.es/politica/congr…
My level of trust in the system has suddenly increased, and I believe this information will help the @TConstitucionE to be able to decide.
Darkandroider 🤘🏻💻🤘🏻 retweeted

GitHub - mazen160/secrets-patterns-db: Secrets Patterns DB: The largest open-source Database for detecting secrets, API keys, passwords, tokens, and more. · GitHub github.com/mazen160/secre…
Darkandroider 🤘🏻💻🤘🏻 retweeted

🚨 BREAKING: Wiz Research discovered Remote Code Execution on GitHub.com with a single git push
The flaw in @github allowed unauthorized access to millions of repositories belonging to other users and organizations 🤯

Darkandroider 🤘🏻💻🤘🏻 retweeted

I wanna share with you a bug I found lately 👇
Found an issue during a pentest for a friend’s company. The app was just a single-page site — no login, no account system, only a Calendly booking.
Did some port scanning → found a few open ports
One stood out: 19540 (Milvus DB)
Started digging…
→ Found the Swagger docs
→ Pulled all API endpoints using Claude
→ Tried hitting them… all required auth ❌
No luck… until I tried default creds:
root:milvus
Gave the credential back to Claude and:
💥 BOOM — full access
All APIs unlocked → 250+ private conversations + files exposed
From a “simple” 1-page app with no login 😅
When I reported it, they couldn’t believe it started from just their main domain.
#BugBounty #Hacking #CyberSecurity
Darkandroider 🤘🏻💻🤘🏻 retweeted

Car Hacking with GearGoat
GearGoat is a car simulator that allows you to work with the CAN bus, which is the internal communication network used by most modern vehicles
In the real world, this is equal to connecting a CAN adapter such as CANable or Macchina M2 into the OBD-II port, which is typically located under the dashboard. This port is essentially a gateway into the vehicle’s internal network
See it in action on our article: hackers-arise.com/automobile-hac…
@three_cube @_aircorridor #cybersecurity

Darkandroider 🤘🏻💻🤘🏻 retweeted

Nginx Proxy Manager: The most secure and efficient way to expose services externally
alozano.net/nginx-proxy-ma…
Darkandroider 🤘🏻💻🤘🏻 retweeted

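This scared me!
There's a tool on GitHub called GhostTrack: enter a phone number and it can directly scan which platforms that person has registered accounts on, and it can also look up IP geolocation and carrier information.
Clone the code, run the script, done in 5 minutes; the barrier to entry is absurdly low. You think you're invisible online?
You've long since been thoroughly exposed. Information security really needs to be taken seriously.
🔗 github.com/HunxByts/Ghost…
Darkandroider 🤘🏻💻🤘🏻 retweeted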

🚨 Friends, a tool has come out that everyone who does web scraping should definitely try.
🚀 Obscura is an ultra-lightweight and extremely stealthy headless browser written in Rust. 💥
Highlighted features: 👇🏻
- Uses only 30 MB of RAM
- Generates the browser fingerprint from scratch in every new session
- Blocks more than 3,500 tracker domains (Hotjar, analytics, etc.) by default
- Fully compatible with Puppeteer and Playwright
- Makes bot detection much harder
It runs much lighter, stealthier and more effectively than classic Chrome-based headless browsers.
If you work on web scraping, data collection and automation, I strongly recommend checking out this tool.
🔗 GitHub: github.com/h4ckf0r0day/ob…
Darkandroider 🤘🏻💻🤘🏻 retweeted

403 bypass tools for bug bounty hunters:
bypass-403 → github.com/iamj0ker/bypas…
nomore403 → github.com/devploit/nomor…
4-ZERO-3 → github.com/Dheerajmadhuka…
byp4xx → github.com/lobuhi/byp4xx
dontgo403 → github.com/mbrg/dontgo403
#bugbounty #bugbountytips #infosec #websecurity #hacking
Darkandroider 🤘🏻💻🤘🏻 retweeted

A cheat sheet with everything I’ve learned about @FFmpeg
github.com/rendi-api/ffmp…


